I have more than one database (in PostgreSQL), and every database has more than one schema, and I want to give the select permission on all databases(only database level, not schema level) for a particular user. Any suggestion for how this could be done.
https://dba.stackexchange.com/questions/91953/grant-access-to-all-tables-of-a-database.checked this link but its only for schema level.
In SnowFlake, I want to provide access kind ofddl_admin in sql server to a user or role who can drop any tables in schema regardless anybody else is the owner of the table.
There is no concept of having a super role in Snowflake. Everything has to go by access hierarchy.
However, if all the roles are granted to ACCOUNTADMIN role then no matter which user creates the table, that can be dropped by ACCOUNTADMIN.
I am new to SQL Server. I connected to SQL server via SQuirrel Client.
Connection URL:
jdbc:sqlserver://192.xx.xx.xx:1433;databaseName=ep
with username & password.
Then I tried a query on table1 in schema1 -
SELECT * from table1
It returned records. I did not mention schema name in query.
There may be possibility of having tables in different sachems (same database) with same name.
Am I right? If yes, then how will it resolve schema name?
Schema work like a namespace in SQL SERVER, you can create tables, views, sps under a schema and set GRANT, DENY, or REVOKE permissions on those objects. From Implementation of Database Object Schemas
SQL Server 2005 implemented the concept of a database object schema. A schema is a distinct namespace to facilitate the separation, management, and ownership of database objects. It removed the tight coupling of database objects and owners to improve the security administration of database objects. Database object schemas offer functionality to control and help secure application objects within a database environment not available in previous versions of SQL Server.
Just wanted to add here, if you have not specified any schema than, it select dbo as schema.
It is distinguished by its owner. Every object (table ,view ,proc) has an owner which must be a user in the database. For example you may have user1.table1 and user2.table2 in the same database.
So you may type
select * from user1.table1
and
select * from user2.table1
You may see names like dbo.table_name, this means that the owner is the dbo, the database owner. If you do not specify an owner then the system checks dbo and your user (the user that run the command)
I've been trying to figure out why SQL Server has db_owner schema and db_owner role? This is very confusing. I've been searching for answers and so far this is how my understanding goes:
All tables and objects (such as constraints etc) belong to a schema. DBO being the default schema.
A user may be given permission to edit each object or the schema. A permission on the schema extends the permission to all objects within that schema. So you don't have to grant permission on each individual object.
A role groups permissions together for convenience.
If any of this is incorrect let me know. But I think so far so good. Now my questions are:
What exactly is db_owner schema as seen in "Database User" dialog box of SQL Server Management Studio? And on the same dialog, you define the "Default Schema" as dbo. Why aren't the two the same? If by default SQL Server uses dbo to create all objects under, what use is db_owner?
Why would a user want to own a schema? You are assigning permissions/roles already. What does owning db_accessadmin give you?
Can you give an example of when you create objects under db_owner schema and db_accessadmin schema? In other words does anyone legitimately use those schemas?
A SQL Server schema is simply container of objects, such as tables, stored procedures, etc. A Database Role is a group of principals, such as windows logins, sql server users, etc.
The idea is you can have a role of say "IT", and have all IT users under that role. Then you have can a schema called "IT", and have all tables that belong to IT under that. Out of the box SQL Server creates matching schemas for each default user and role in the database, but I think the intention is you customize this to match the needs of your organization.
This article has more information on the differences between owners and schemas. This question on Stack Overflow may also be useful.
I am quoting the below from the following link.
https://msdn.microsoft.com/en-us/library/bb669061(v=vs.110).aspx
SQL Server ships with ten pre-defined schemas that have the same names as the built-in database users and roles. These exist mainly for backward compatibility. You can drop the schemas that have the same names as the fixed database roles if you do not need them. You cannot drop the following schemas:
dbo
guest
sys
INFORMATION_SCHEMA
At least on my local instance, when I create tables, they are all prefixed with "dbo.". Why is that?
dbo is the default schema in SQL Server. You can create your own schemas to allow you to better manage your object namespace.
If you are using Sql Server Management Studio, you can create your own schema by browsing to Databases - Your Database - Security - Schemas.
To create one using a script is as easy as (for example):
CREATE SCHEMA [EnterSchemaNameHere] AUTHORIZATION [dbo]
You can use them to logically group your tables, for example by creating a schema for "Financial" information and another for "Personal" data. Your tables would then display as:
Financial.BankAccounts
Financial.Transactions
Personal.Address
Rather than using the default schema of dbo.
It's new to SQL 2005 and offers a simplified way to group objects, especially for the purpose of securing the objects in that "group".
The following link offers a more in depth explanation as to what it is, why we would use it:
Understanding the Difference between Owners and Schemas in SQL Server
Microsoft introduced schema in version 2005. For those who didn’t know about schema, and those who didn’t care, objects were put into a default schema dbo.
dbo stands for DataBase Owner, but that’s not really important.
Think of a schema as you would a folder for files:
You don’t need to refer to the schema if the object is in the same or default schema
You can reference an object in a different schema by using the schema as a prefix, the way you can reference a file in a different folder.
You can’t have two objects with the same name in a single schema, but you can in different schema
Using schema can help you to organise a larger number of objects
Schema can also be assigned to particular users and roles, so you can control access to who can do what.
You can generally access any object from any schema. However, it is possible to control which users have which access to particular schema, so you can use schema in your security model.
Because dbo is the default, you normally don’t need to specify it within a single database:
SELECT * FROM customers;
SELECT * FROM dbo.customers;
mean the same thing.
I am inclined to disagree with the notion of always using the dbo. prefix, since the more you clutter your code with unnecessary detail, the harder it is to read and manage.
For the most part, you can ignore the schema. However, the schema will make itself apparent in the following situations:
If you view the tables in either the object navigator or in an external application, such as Microsoft Excel or Access, you will see the dbo. prefix. You can still ignore it.
If you reference a table in another database, you will need its full name in the form database.schema.table:
SELECT * FROM bookshop.dbo.customers;
For historical reasons, if you write a user defined scalar function, you will need to call it with the schema prefix:
CREATE FUNCTION tax(#amount DECIMAL(6,2) RETURNS DECIMAL(6,2) AS
BEGIN
RETURN #amount * 0.1;
END;
GO
SELECT total, dbo.tax(total) FROM pricelist;
This does not apply to other objects, such as table functions, procedures and views.
You can use schema to overcome naming conflicts. For example, if every user has a personal schema, they can create additional objects without having to fight with other users over the name.
Something from Microsoft (Documentation)
The dbo user is a special user principal in each database. All SQL Server administrators, members of the sysadmin fixed server role, sa login, and owners of the database, enter databases as the dbo user. The dbo user has all permissions in the database and cannot be limited or dropped. dbo stands for database owner, but the dbouser account is not the same as the db_owner fixed database role, and the db_owner fixed database role is not the same as the user account that is recorded as the owner of the database.
The dbo user owns the dbo schema. The dbo schema is the default schema for all users, unless some other schema is specified. The dbo schema cannot be dropped.
The dbo user owns the dbo schema. The dbo schema is the default schema for all users, unless some other schema is specified. The dbo schema cannot be dropped.
DBO is the default schema in SQL Server. You can create your own schemas to allow you to better manage your object namespace. As a best practice, I always add the "DBO." prefix even though it is not necessary. Most of the time in SQL it's good to be explicit.